• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Protection of Information Assets

Temple University

Protection of Information Assets

MIS 5206.701 ■ Fall 2023 ■ David Lanter
  • HomePage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit #1: Understanding an Organization’s Risk Environment
      • Unit #2: Case Study 1 – Snowfall and stolen laptop
      • Unit #2: Data Classification Process and Models
      • Unit #3: Risk Evaluation
      • Unit #4 Case #2: Autopsy of a Data Breach: The Target Case
      • Unit #5: Creating a Security Aware Organization
      • Unit #6: Physical and Environmental Security
    • Second Half of the Semester
      • Unit #8 Case Study 3 – A Hospital Catches the “Millennium Bug”
      • Unit #9: Business Continuity and Disaster Recovery Planning
      • Unit #10: Network Security
      • Unit #11: Cryptography, Public Key Encryption and Digital Signatures
      • Unit #12: Identity Management and Access Control
      • Unit #13: Computer Application Security
  • Deliverables
    • Weekly Deliverables
      • “In the News” Articles
      • Answers to Reading Discussion Questions
      • Comments on Reading Discussion Question and Other Students’ Answers
    • Case Studies
    • Team Project
  • Zoom link

Question 2

November 16, 2023 by David Lanter 27 Comments

What are secure coding practices and what risks are they intended to mitigate?

Filed Under: Unit 13: Computer Application Security Tagged With:

Reader Interactions

Comments

  1. Andrew Young says

    November 16, 2023 at 10:59 am

    Secure coding or secure programming is the practice of attempting to secure a system or process through the use of practices like input validation, auditing, output processing and validation, access controls, and other methods, which are used to ensure that the underlying infrastructure of an application, web or desktop based, is as secure as possible from an external attack. These are intended to mitigate risks like buffer overflow, SQL or script injection, XML injection, and other assorted risks identified by SANS in their analysis

    Log in to Reply
    • Ikenna Alajemba says

      November 22, 2023 at 11:07 am

      It is interesting that adhering to secure coding strategies ensures the development of resilient software, contributing significantly to the overall cybersecurity landscape.

      Log in to Reply
    • Chidi Okafor says

      November 22, 2023 at 8:18 pm

      Andrew, its noteworthy that you pointed out the goal of secure coding which is to protect the underlying infrastructure (code base) of an application. One of the core elements of secure coding is implementing security practices in the development stage. This induces faster deployment where the security team will not put a lot of efforts post-development.

      Log in to Reply
  2. Ikenna Alajemba says

    November 18, 2023 at 9:05 pm

    Secure coding practices refer to procedural directives that software developers employ to enhance the security and reliability of a software system. This directive touches upon numerous aspects, including prevention of common vulnerabilities and enhancing system robustness against external threats. These methodologies are designed to foresee and combat an array of risks that potentially jeopardize software integrity. Such risks include data breaches, system crashes, unauthorized access, and other forms of cyber threats that may compromise the confidentiality, integrity or availability of the software system. By adhering to secure coding practices, developers can create software that is well-protected against both known and unknown threats. These best practices contribute to the overall cybersecurity landscape, ensuring that software systems are not just functional, but also resilient in the face of evolving threats.

    Log in to Reply
    • Marc Greenberg says

      November 24, 2023 at 1:12 pm

      There are numerous ways to address this questions, I think in addition to developers employing best practices, the input data should be validated, and unnecessary input data should be discarded. Design of security policies-Create a software architecture and design your software to implement and enforce security policies.

      Log in to Reply
  3. Alyanna Inocentes says

    November 19, 2023 at 11:49 pm

    Secure coding practices are essential guidelines followed by developers to write code that minimizes vulnerabilities and enhances the overall security of an application. These practices aim to mitigate risks associated with software development, including injection attacks, unauthorized access, data breaches, and information disclosure.

    By incorporating practices such as input validation, strong authentication, data encryption, and secure communication protocols, developers can mitigate common threats like SQL injection, session hijacking, and man-in-the-middle attacks. Regular code reviews, static analysis, and attention to secure dependencies help identify and address potential vulnerabilities early in the development process.

    Log in to Reply
    • Andrew Young says

      November 21, 2023 at 10:38 am

      It’s a great that these systems are in place to safeguard backend processing like this. I find it interesting how there seem to be even more processes outside of the text itself that are used for “secure coding”. I’m interested in how these systems are tailored or chosen over others for specific use-based cases or organizations

      Log in to Reply
      • Alyanna Inocentes says

        November 29, 2023 at 1:27 am

        I’m sure that these systems are tailored to the organization based on their budget, what problems they’re currently facing, and their priorities. I’m sure that picking out these systems is no different to picking out different security softwares or other security solutions. What do you think?

        Log in to Reply
    • Chidi Okafor says

      November 22, 2023 at 7:58 pm

      Well said, security should be incorporated in the build process by design and not by chance. Following these secure coding practices allows developers to review the code, helping them to rectify any error(s) within the code. Thus, reducing the possibility of a successful attack.

      Log in to Reply
  4. Chidi Okafor says

    November 22, 2023 at 7:50 pm

    Secure coding practices are an assortment of guidelines and standards that help identify and eradicate code vulnerabilities that can compromise software security. It is fundamental to note that as much as secure coding enhances software protection from attackers, it should not be the sole barrier. Some secure coding practices include the following –

    Data protection and privacy.
    Layered defense or defense in depth.
    Data input validation.
    Authentication and password management.
    Logging and auditing.
    Adoption of the principle of least privilege.
    Data sanitization.

    The risks mitigated by secure coding practices include –

    Code injection.
    Buffer overflow.
    Leaked Access keys.
    Cross site script (XSS) injection and race condition.

    Log in to Reply
    • Michael Obiukwu says

      November 26, 2023 at 8:01 pm

      Hi Chidi, I am in total concurrence with this. Secure coding practices serve as a toolbox of standards and guidelines, designed to spot and neutralize coding vulnerabilities that could undermine software security. However, while essential, it should not be the only defense line against cyber threats. Key practices include – ensuring data protection and privacy, implementing layers of defense, authenticating passwords, logging and auditing, enforcing the least privilege principle, and data sanitization. These measures help counteract risks such as code injections, buffer overflows, access key leaks, cross-site script injections, and race conditions.

      Log in to Reply
  5. Marc Greenberg says

    November 23, 2023 at 7:46 am

    SANS indicates that there are possible threat vectors and vulnerabilities, and to make sure the threats are managed well,
    All the input data should be validated, and unnecessary input data should be discarded. Most external data sources, including command line parameters, network interfaces, environment variables, and user control files. Design of security policies-Create a software architecture and design your software to implement and enforce security policies.
    This coupled with zero-trust architecture helps limit attacker access when systems are breached.

    Log in to Reply
    • Alex Ruiz says

      November 28, 2023 at 9:13 pm

      Marc, your emphasis on input data validation and the implementation of security policies is crucial for mitigating threats. It’s evident that a proactive approach is necessary. In light of the evolving threat landscape, how do you see secure coding practices adapting to new technologies, and what role do you think continuous monitoring and updates play in maintaining the resilience of these practices over time?

      Log in to Reply
  6. Jeffrey Sullivan says

    November 25, 2023 at 9:04 am

    These secure coding practices that are used to ensure proper security which are embedded within the design developmental stages of said application. If the proper design methodology is used in the development, then risk can be mitigated, according got SANS, “The application should know what is coming in, all the input data should be validated and all the unnecessary input data should be discarded”. Some of the benefits of this one practice include Avoiding buffer flow, script injection, SQL injection, format strings vulnerabilities and countering SPAM etc. SANS goes on to cover other practices like, Input validation, Program control, logic flow, database access etc. but feel that the design section is the foundation of all that follow and if that is design correctly it will lessen the risk on the other practices but does not solve it completely.

    Log in to Reply
    • Kelly Conger says

      December 6, 2023 at 12:54 pm

      I completely agree. Secure coding practices embedded within the design phase are crucial for mitigating risk. As SANS emphasizes, input validation is essential to prevent vulnerabilities like buffer overflows and SQL injection. While this practice is critical, it’s crucial to recognize that secure design lays the foundation for all other aspects. A well-designed application inherently minimizes the risk surface, simplifying the implementation of additional security practices like input validation and program control. While a perfect design doesn’t eliminate risk, it significantly reduces the vulnerabilities that attackers can exploit. I’d love to take a Security DevOps class. We see many bad practices in our Dev team, such as hard coding passwords. UGH! Great post, Jeff.

      Log in to Reply
  7. Ashley A. Jones says

    November 26, 2023 at 12:33 am

    Secure coding practices include considering security when choosing a technology for the application, having good flow and controls when structuring the application, enabling only trusted resources to interact with the application, limiting access to data to only program logic and processing, and guarding outgoing traffic from the application. Prioritizing these goals will mitigate risks associated with script, SQL, XSS, Command Injections/ Shell escape, format string vulnerabilities and counter SPAM, buffer flow, race conditions, DATA theft, etc.

    Log in to Reply
  8. Akintunde Akinmusire says

    November 26, 2023 at 4:45 pm

    Secure coding is the process by which developers write their codes to mitigate cyber-attacks. Secure coding practices help to mitigate various risks such as injection attacks, hijacking of sessions, privilege escalation, and unauthorized access. Some of the best practices include access control, system configuration, authentication, validation of inputs, and so on.

    Log in to Reply
    • Erskine Payton says

      November 27, 2023 at 6:30 pm

      Hi Akintunde, your response is straight to the point allowing someone who has no idea about secure coding and why it is used. Some companies are not even aware let alone know why secure coding is important. your response quickly answers the question, “What is secure coding?” Thanks for sharing.

      Log in to Reply
  9. Kelly Conger says

    November 26, 2023 at 6:08 pm

    Secure coding entails implementing best practices throughout the development process to enhance security. Developers should receive training in secure coding techniques to fortify their software against threats. Essential aspects to scrutinize during testing include robust input validation, secure output encoding, and effective access control. This proactive approach aims to preempt vulnerabilities, establishing a secure deployment and testing environment. By doing so, we can assure that the software operates as intended and provide a reliably safe environment for both clients and stakeholders, reinforcing trust and integrity in our applications.

    Log in to Reply
    • Akiyah says

      November 28, 2023 at 9:31 pm

      Hi Kelly,
      It would be highly beneficial for developers to undergo comprehensive training in secure coding practices. This training could cover additional various aspects of development security, reducing the risk of vulnerabilities in applications. Some companies may lack the necessary tools for thorough security scans, making developer training an essential preventive measure. Topics such as preventing session hijacking, restricting cross-site origin requests, and protecting against cookie theft, to name a few, could be included in this training.

      Log in to Reply
  10. Michael Obiukwu says

    November 26, 2023 at 7:59 pm

    Secure coding practices are security measures effectively applied in various stages of software development to reduce system vulnerabilities and exploit potential. These practices are intended to mitigate risks such as unauthorised data access, data corruption, or system crashes which can result in substantial financial loss and permanent reputational damage.

    These practices cover a broad range of aspects within the software development lifecycle. They include, but are not limited to, code review, input validation, encryption algorithms, and error handling procedures. Code reviews, for example, allow the detection of potential security threats early in the development stage. Input validation, on the other hand, can prevent the execution of harmful queries that could potentially cause unauthorized access or data loss.

    Implementation of secure coding practices is increasingly becoming an imperative in the digital era marked by frequent and sophisticated cyber-attacks. These practices are designed to predict multiple risk scenarios and guard the software system against them. In essence, they form a significant part of a cohesive security strategy aiming to strike a balance between functionality and security in software systems, thus providing users with a reliable and secure operating environment.

    Log in to Reply
  11. Alex Ruiz says

    November 26, 2023 at 8:16 pm

    Secure coding practices are a set of guidelines/techniques that developers follow to write code that is more resistant to security threats and vulnerabilities. Secure coding’s purpose is to create more robust and secure software that protects against various types of attacks and ensures the confidentiality, integrity, and availability of data and systems. Here are some examples of secure coding practices and what they aim to mitigate: Input Validation/Sanitation: prevent input from being used to inject malicious code into your application – Injection Attacks, Authentication and Authorization – Preventing unauthorized access, Session Management: session tokens to ensure session data is protected from unauthorized access or tampering- Session Hijacking, Error Handling: Proper error handling to avoid exposing sensitive information to attackers ex: generic error messages- info disclosure, Data encryption: using strong encryption to protect data in transit and at rest – data interception.

    Log in to Reply
    • Ashley A. Jones says

      November 28, 2023 at 3:52 pm

      Alex,

      Your response is right on point with listing the secure coding practices followed by the risk mitigated in a sort of table style. I like this approach and may use this going forward along with an example of how this coding practice would be executed in an everyday scenario.

      Log in to Reply
  12. Erskine Payton says

    November 26, 2023 at 8:44 pm

    Secure coding is a designing code principle that uses security best practices to safeguards and protects code from known, unknown and unexpected vulnerabilities such as security exploits, the loss of cloud secrets, embedded credentials, shared keys, confidential business data and personally identifiable information (PII). Some secure coding practices include Access Control, Authentication/Password Management, System Configuration, and Data Protection to name a few.

    Log in to Reply
    • Akintunde Akinmusire says

      November 28, 2023 at 8:17 pm

      Hi Erskine,
      I agree that secure coding is the process that developers use to safeguard code from vulnerabilities. I also like the examples you gave to safeguard codes. If developers follow secure coding practices, it would be difficult for attackers to attack websites and desktop applications.

      Log in to Reply
  13. Akiyah says

    November 26, 2023 at 9:29 pm

    Secure coding practices are necessary guidelines to assist developers in composing/designing secure code, minimizing vulnerabilities that could be exploited by malicious actors. These practices serve as proactive measures to mitigate potential attacks on software systems.

    Employing input validation, such as sanitizing user inputs, helps guard against SQL injection attacks. By implementing stringent session controls, the likelihood of a bad actor hijacking a user session is significantly reduced. Additionally, effective error handling plays a crucial role; instead of providing specific error details, presenting a generic message to users enhances security by preventing attackers from gaining insights into potential weaknesses. For instance, when dealing with authentication errors, it’s advisable to provide a generic message like “The information you entered is incorrect, please try again,” instead of specifying whether the issue lies with the username or password.

    Secure coding practices are a proactive approach to building software that prioritizes resilience against potential security threats, offering a robust defense against various attack vectors.

    Log in to Reply
    • Ashley A. Jones says

      November 28, 2023 at 3:46 pm

      Akiyah, I like that you gave an example to emphasize the importance of not outputting too much information when user input is invalid. This is something that is so important but can oftentimes get lost (EASILY lost) when doing the vast number of things needed for an organization to remain efficiently operational. Testing user inputs during specific platform upgrades is something that I spearhead now for my department so I will keep these important tips in mind.

      Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Unit 01: Understanding an Organization's Risk Environment (5)
  • Unit 02: Case Study 1 – Snowfall and a stolen laptop (2)
  • Unit 02: Data Classification Process and Models (6)
  • Unit 03: Risk Evaluation (6)
  • Unit 04: Case Study 2 – Autopsy of a Data Breach – The Target Case (4)
  • Unit 05: Creating a Security Aware Organization (6)
  • Unit 06: Physical and Environmental Security (6)
  • Unit 08: Case Study 3 – A Hospital Catches the "Millennium Bug" (3)
  • Unit 09: Business Continuity and Disaster Recovery (6)
  • Unit 10: Network Security (6)
  • Unit 11: Cryptography, Public Key Encryption and Digital Signature (6)
  • Unit 12: Identity Management and Access Control (6)
  • Unit 13: Computer Application Security (6)
  • Welcome (1)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in